diff options
author | Sean Pryor <spryor@redhat.com> | 2017-11-06 16:17:11 -0500 |
---|---|---|
committer | Sean Pryor <spryor@redhat.com> | 2017-11-06 16:17:11 -0500 |
commit | 204b1f4c148f689145e859bb77b00f6e45ae8159 (patch) | |
tree | 6c7d2ed2c5687eab5ba52d82448c590eb0ab9e91 | |
parent | 6427e7e3fcff29ddc758fb847fab34c0c115ce7a (diff) | |
parent | 1992842043393c597bf82142cf963b82cfa2ee59 (diff) | |
download | openstack-access-policy-204b1f4c148f689145e859bb77b00f6e45ae8159.tar.gz openstack-access-policy-204b1f4c148f689145e859bb77b00f6e45ae8159.tar.xz openstack-access-policy-204b1f4c148f689145e859bb77b00f6e45ae8159.zip |
Merge branch 'master' of gitlab.cee.redhat.com:verizon-mpn-harris/OSP-Readonly-Policies
-rw-r--r-- | README.md | 37 |
1 files changed, 2 insertions, 35 deletions
@@ -1,35 +1,2 @@ -This is a repository of the files/tools we are developping around -integrating the sevone (monitoring software) into RH-OSP. - -This project includes several areas: -- Add policy files to the overcloud to restrict the 'readonly' role and prevent - update/create/delete operations. - -- Add tooling (OBSOLETE since this will be done through node-payload in the - osp10 templates) to push/update policies on the overcloud. - -- Provide a MOP (Method of procedure) to enable Sevone pre-requisites on - both the undercloud and overcloud. An ASCII version of the MOP is provided - in this repository. - -This work on the 'readonly' role was a request of the VZW HQ Planning group. - -Here is how it works: - -On the undercloud, as the 'stack' user perform the following steps: - - 1) source stackrc - 2) git clone https://gitlab.cee.redhat.com/vcojot/OSP-Readonly-Policies/tree/master - 3) ./policydir/files/push_readonly_policies_to_overcloud.sh - 4) source overcloudrc - 5) openstack role create readonly - -(this will auto-detect the controllers and push the appropriate policies) - -To restrict a user, then simply do add the 'readonly' role to the user, do a: - - openstack role add --project <tenant_name> --user <user_name> readonly - -To lift the restrictions and re-enable modifications to the overcloud, do a: - - openstack role remove --project <tenant_name> --user <user_name> readonly +This repo contains the current ongoing work of attempting to implement a +read-only role via policy.json in OSP10
\ No newline at end of file |